Status: Accepted
Owner: [email protected]
Labels: Type-Bug Priority-Medium
New issue 1171 by [email protected]: Object.preventExtensions allows
setting the extensible bit cross-domain
http://code.google.com/p/v8/issues/detail?id=1171
Invoking Object.preventExtensions can be invoked cross-domain which should
not be allowed. We currently follow IE9 but firefox only allows reading the
extensible bit, not setting it cross domain. Safari currently does not
implement Object.isExtensible and Object.preventExtensions.
From a security perspective we should follow firefox here.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
